Why WFH is attractive to cybercriminals

by John Saunders
22nd Nov 21 5:23 pm

Cybercriminals are always on the prowl; they work conscientiously, looking for vulnerabilities and entry points to launch attacks. Unfortunately for businesses, they are very dedicated and constantly on the lookout for any soft spot in your network. Knowing that one successful attack can go a long way towards crippling your business, they are willing to spend long hours, days, or even weeks perfecting their attack plans.

Cybercriminals relish upheavals that can make businesses a bit careless with their cybersecurity measures. They thrive on unfortunate incidents such as the COVID-19 pandemic that can dramatically change the way businesses operate. Knowing full well that it will take some time for businesses to come to terms with changes such as WFH, which got a very big boost from the COVID-19 pandemic, they leverage the attendant confusion to ravage the business world and turn cyber-attacks into big issues for businesses.

It’s no longer news that digital transformation was given priority in the 2021 budgets of most organisations to ensure a smooth WFH; however, cybersecurity is still very relevant and that is why 75% of 100 CIOs of Fortune 500 brands decided to give it the second most important priority in the budget.

What is the meaning of WFH?

WFH is nothing strange; it is simply an acronym for work from home, a working model that some organisations have been practising. However, it does not really mean that the work must be done in the home; it covers all work that is done remotely rather than in the traditional physical workspace.

Before the pandemic, only a few organisations were involved in WFH, but it's now the norm. The way business transactions go on in a WFH model and the suddenness of organisations' decision to embark on WFH have made it very attractive to cybercriminals. We shall explore some ways they leverage WFH to carry out their nefarious activities.

Phishing attacks

According to Statista, phishing constituted up to 54 percent of digital vulnerabilities in 2020. The FBI also reported that phishing attacks rose from 114,702 incidents in 2019 to 241,324 incidents in 2020.

These reports stem from the WFH model that businesses had to embark upon to survive and to ensure that their customers are satisfied. Cybercriminals have realised that WFH leads to a lot of email exchanges as well as text messages. Employees have to reach across to members of their teams and must know what is going on, and managers have to pass instructions across; since employees operate from isolated places, the only way to do this effectively is through emails and messages.

Phishing attacks work by luring employees into responding to fraudulent emails in the belief that they come from reputable sources. Since employees on the WFH model have to deal with a lot of emails, there is a good chance that they will innocently respond to emails from cybercriminals who masquerade as authentic sources.

Cybercriminals leverage this opportunity to steal sensitive data and install malware on your organisation's network. The best way to counter phishing is to ensure that your employees are alert to this form of threat. They must understand the need to be wary of any suspicious email, and where there is any doubt about the authenticity of an email, there must be measures in place to verify the source. WFH does not mean that you cannot interact with members of your team.

Home Wi-Fi vulnerability

In the physical workspace setting, it's easier for IT managers to control the security of the organisation's Wi-Fi networks; this is not easy to accomplish with WFH. Employees can resort to using public Wi-Fi that may rely on a weaker protocol such as WEP rather than WPA2. WEP gives cybercriminals better chances of accessing your organisation's network.

If it's inevitable that your employees must use public Wi-Fi, a protective measure to secure your traffic is to ensure they use a VPN whenever they connect to a public Wi-Fi network. The VPN serves as a private tunnel that encrypts your data as it passes through the network.

Even where cybercriminals manage to get hold of your data, they will find it extremely difficult to interpret it.
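As an added illustration of the WEP versus WPA2 point above (not part of the original article), the following sketch flags networks in a Wi-Fi scan that offer nothing stronger than WEP. It assumes input in the shape of `nmcli -t -f SSID,SECURITY device wifi list` terse output; the sample scan, SSIDs and function names are constructed for the example.

```python
import re

# Constructed sample in the shape of `nmcli -t -f SSID,SECURITY device wifi list`
# (terse mode: fields separated by ":", literal colons in a value escaped as "\:").
SAMPLE_SCAN = r"""CoffeeShop-Guest:
Airport\:Free:WEP
HomeOffice:WPA2
Hotel-Lobby:WPA1 WPA2
OldPrinter:WPA1
"""

_FIELD_SEP = re.compile(r"(?<!\\):")  # a ":" that is not backslash-escaped


def classify(security: str) -> str:
    """Map a SECURITY field to a verdict (hypothetical policy labels)."""
    modes = set(security.split())
    if not modes or modes == {"--"}:
        return "open"      # no link-layer encryption at all
    if modes & {"WPA2", "WPA3"}:
        return "ok"        # WPA2 or better is offered
    if "WEP" in modes:
        return "wep"       # the weak protocol the article warns about
    return "legacy"        # e.g. WPA1 only


def audit(scan_text: str) -> list[tuple[str, str]]:
    """Return (ssid, verdict) for every well-formed line in the scan."""
    results = []
    for line in scan_text.splitlines():
        fields = _FIELD_SEP.split(line)
        if not line.strip() or len(fields) != 2:
            continue       # blank or malformed line: skip rather than guess
        ssid = fields[0].replace("\\:", ":")
        results.append((ssid, classify(fields[1])))
    return results


def weak_networks(scan_text: str) -> list[str]:
    """SSIDs that offer nothing as strong as WPA2."""
    return [ssid for ssid, verdict in audit(scan_text) if verdict != "ok"]


if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{ssid:20} {verdict}")
```

A verdict of "ok" only describes the link-layer protocol; the article's advice to use a VPN on any public Wi-Fi network still applies.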

Brute force attacks

WFH has given more opportunities to cybercriminals to embark on brute force attacks; some employees make use of personal devices to carry out tasks and this can be very risky, especially where they make use of simple passwords. Indeed, brute force attacks are not based on intellectual strategy, but the large surface area created by more employees using different devices makes it worth the effort for cybercriminals.

By cracking passwords and encryption keys of one employee, a cybercriminal can install malware or conduct data breaches that will affect the entire organisation. The simplicity of brute force attacks gives cybercriminals an undue advantage.

Incidentally, any password or encryption key can be subjected to a brute force attack; however, the time needed to succeed depends on the strength of the password. A study reveals that a password string that consists of 13 characters will take 359,000 years to crack by brute force.

Employees must be encouraged to use a combination of complex passwords and two-factor authentication.


WFH has come to stay. Even if the world gets out of the COVID-19 pandemic, there are no guarantees that every employee will go back to the physical workspace; this makes it extremely important that strong cybersecurity measures are put in place to ensure that employees are protected from cybercriminals while carrying out their tasks. Every employee must be aware of the danger cybercriminals pose to both the organisation and its customers; a successful cyber breach can lead to the closure of the business and loss of jobs.
